Major Security Hole at Tumblr

0

It’s not a good day for tumbleblogging. Someone over at Hacker News just noticed that users can access an admin panel for the site by entering a simple admin URL after signing in.

Among the capabilities exposed is the ability to search for users and reset their passwords. You can also change their email addresses, view their activity logs, and change other miscellaneous settings like daily limits on post types.

According to the person who posted the exploit on Hacker News, Tumblr has already been notified of the security hole but apparently has yet to fix it. Update: They’ve just fixed it. It was a known exploit for about an hour.Update 2:Tumblr’s security notice.

0

Crunchbase

OverviewTumblr is a microblogging platform and social networking website allowing users to post multimedia and other content to a short-form blog. Its users also have the ability to follow other users' blogs, as well as make their blogs private. Much of the Tumblr’s features are accessed from the dashboard interface, where the option to post content and posts of followed blogs appear. This media network …